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WHAT  THE  CUSTOMER  WANTS 

MAINTENANCE-FREE  AND  FAILURE-FREE  OPERATING  PERIODS  TO  IMPROVE 
OVERALL  SYSTEM  AVAR  ABILITY  AND  RELIABILITY 

SQUADRON  LEADER  P MITCHELL 

MSC  BEng  CEng  MRAeS  RAF 
Logistics  (OR)  5D  Room  F30 
HQLC,  RAF  Brampton 
Huntingdon,  Cambs.  PE  18  8QL,  UK 


INTRODUCTION 


AIM 


BACKGROUND 

1 . Military  commanders  require  high  levels  of 
mission  effectiveness  and  supportability  to  ensure 
success  in  an  inherently  hostile  environment.  The 
emphasis  must  be  on  safe  equipment  operation  under  a 
variety  of  adverse  environmental  conditions  and  with  a 
minimal  logistics  support  footprint.  In-service 
experience  shows  that  unreliability  of  defence 
equipment  remains  a dominant  factor  during  operations 
and  training  and  that  there  are  deficiencies  in  the 
traditional  specification  of  military  reliability 
requirements.  Consequently,  an  alternative  method  for 
specifying  reliability  is  required,  one  which  is  not 
subject  to  the  uncertainties  of  characterising  product 
reliability  with  a single  failure-rate  number  or  Mean 
Time  Between  Failure  (MTBF).  The  traditional 
approach  to  reliability  specification  has  been  based  on 
often  unrealistic  reliability  predictions  followed  by 
potentially  endless  product  testing  to  provide  assurance, 
without  the  recognition  that  many  failures  can  be 
prevented  by  attention  to  basic  design  details. 
Manufacturers  need  to  develop  a better  understanding  of 
materials  and  process  conditions,  and  their  effects  on 
product  reliability,  in  order  to  provide  the  customer  with 
defence  equipment  that  works  when  needed  and 
continues  operating  for  a defined  period  of  time. 

2.  High  mission  effectiveness  in  future  defence 
equipment  is  achieved  by  accurate  predictions  of  in- 
service  reliability  and  minimum  system  functionality. 
Thus,  new  reliability  techniques  are  required  that  foster 
fault  prevention  and  control  and,  most  importantly, 
focus  on  user  operational  requirements.  The  ultimate 
goal  is  to  reduce  the  dependence  on  characterising 
reliability  bv  a single  failure-rate  number,  ie  MTBF,  and 
to  look  for  new  methodologies  which  focus  on  causes  of 
failure  and  their  control  or  elimination,  rather  than 
measuring  and  responding  to  their  effects.  This  leads  to 
the  twin  concepts  of  Maintenance-Free  and  Failure-Free 
Operating  Periods  which  are  alternative,  more  practical, 
approaches  to  specifying,  measuring  and  assuring 
product  reliability.  The  implementation  of  this  new 
approach  would  involve  an  evolutionary'  progression 
from  the  current  system. 


3.  The  aim  of  this  paper  is  to  promote  the 
philosophy  of  Maintenance/Failure-Free  Operating 
Periods  (M/F-FOP)  as  an  additional  methodology  for  the 
specification  and  assurance  of  defence  equipment 
reliability. 

DEFINITIONS 

4.  Failure-Free  Operating  Period  (F-FOP)  is  a 
period,  measured  in  appropriate  units,  when  the  system 
is  meeting  its  minimum  operating  capability. 

5.  Maintenance-Free  Operating  Period  (M-FOP) 
is  a period  of  operation  during  which  the  system  must  be 
able  to  carry  out  all  its  assigned  missions  without  any 
maintenance  action  and  without  the  operator  being 
restricted  in  any  way  due  to  system  faults  or  limitations. 

PRODUCT  RELIABILITY  REQUIREMENTS 

6.  We,  the  customer,  have  allowed  the  current 
approach  to  reliability  specification  to  prevail,  in  that 
we  expect  a MTBF  or  its  reciprocal,  a failure  rate,  to 
form  part  of  a proposal  from  an  equipment  supplier. 
Vendors  may  then  typically  estimate  the  product's 
reliability  by  using  commercial  reliability  models,  such 
as  Mil-Hdbk-217  in  the  specific  case  of  electronics 
equipment.  On  other  occasions  an  internal  proprietary 
reliability  model  may  have  been  developed  and 
maintained,  based  on  historical  or  test  data  and  an 
assumed  failure-rate.  Often,  the  prediction  methodology 
used  assumes  an  exponential  failure-rate,  meaning  that 
random  failures  and  faults  are  inevitable.  The  use  of 
MTBF  has  thus  bred  and  sustained  a culture  of 
inevitable  and  acceptable  failure,  a tacit  acceptance  that 
equipment  will  fail  randomly  with  little  incentive  to 
understand  the  mechanisms  of  when  and  why  failures 
occur.  Once  an  equipment  has  been  allocated  a 
particular  reliability  level,  it  has  been  traditional  for 
most  activities  to  then  concentrate  on  nourishing  this 
belief  in  random  failure,  using  predictions  and  other 
statistical  tools,  based  on  the  application  of  exponential 
theory,  without  addressing  the  underlying  mechanistic 
reasons  for  failure. 

7.  The  majority  of  random  failure  modes  can  be 
removed  by  study  into  the  mechanics  of  failure  followed 
by  interactive  design  influence.  In  particular,  most 
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avionics  failures  have  been  attributed  to  associated 
mechanical  problems  such  as  packing  densities,  quality 
assurance  shortfalls,  and  heavy  exposure  to  vibration, 
dust  and  moisture.  Taking  steps  to  remove  these  causes 
of  failure  reduces  the  number  of  random  failures  such 
that  many  of  the  remaining  failure  modes  exhibit  certain 
mechanics  of  failure  that  have  non-randoin  failure 
distributions.  These  failure  distribution  curves  can  then 
be  plotted  and  used  to  determine  overall  product 
durability  or  a minimum  required  time  to  failure, 
eventually  creating  better  generic  design  tools.  . It  is 
generally  accepted  that  as  equipment  operating  time 
increases,  then  the  probability  of  failure  increases: 
extending  the  durability  of  an  element  increases  its 
probability  of  failure.  Reliability  requirements  will 
need  to  be  optimised  in  terms  of  durability  and  its 
associated  probability  of  failure. 

8.  The  nuclear  and  space  industries  aim  to 
eradicate  random  failures  from  the  outset  and  the  car 
and  rail  sectors  are  following  suit,  hi  many  defence 
related  industries,  the  continuing  acceptance  of  the 
random  failure  approach  inhibits  the  most  effective  use 
of  limited  in-service  support  resources  and  will  be  a 
continuing  factor  impeding  the  effectiveness  of  future 
operations. 

PRODUCT  RELIABILITY  ASSURANCE 

9.  Traditionally,  reliability  levels  have  been 
monitored  through  product  development  and  testing.  As 
technology  approaches  the  boundaries  of  material  and 
process  capabilities,  as  ever  greater  levels  of  reliability 
are  predicted,  and  as  the  demonstration  of  such  levels  is 
expected  in  shorter  timescales,  practical  limits  to  the 
traditional  approach  of  reliability  demonstration  are 
being  reached.  It  is  currently  a reactive  process, 
characterised  by  the  use  of  sample  tests  as  a means  of 
monitoring  product  reliability  levels  and  subsequent 
reaction  to  any  signs  of  degradation,  hi  contrast  to  this 
scenario  the  M/F-FOP  approach  is  a new  method  of 
reliability  specification,  based  on  the  identification  and 
control  of  the  causes  of  unreliability.  It  is  intended  to 
anticipate  failure  and  design  it  out,  rather  than  reacting 
to  developmental  failures.  The  aim  is  to  provide  greater 
assurance  of  enhancing  equipment  reliability7  and  its 
predictability  in  service.  This  is  achieved  by 
understanding  and  controlling  those  elements  in  product 
design,  manufacture  and  use  which  affect  system  and 
component  reliability. 

10.  Military  contracts  often  require  suppliers  to 
implement  a prescribed  reliability  programme  and  to 
perform  tests  aimed  at  achieving  specified  contractual 
reliability  requirements  in  terms  of  allowable  failure 
rates.  Many  of  these  tasks  are  reactive  in  nature,  in  that 
they  represent  fault  detection  rather  than  prevention. 
Other  activities,  which  are  designed  to  be  proactive, 
frequently  turn  out  to  be  reactive  because  contractors 
pay  lip-service  to  them,  perhaps  by  conducting  them  far 
too  late  to  be  able  to  influence  the  design  process.  One 
such  example  is  a Failure,  Modes,  Effects  and 
Criticality  Analysis  which,  when  conducted  at  the 
relevant  stage,  can  influence  design  and  provide 


designers  with  an  understanding  of  the  consequences  of 
failure,  thus  allowing  effective  alterations  to  be 
incorporated  as  necessary.  However,  it  is  often  applied 
too  late  to  have  any  meaningful  impact  on  the  design 
and  is  often  regarded  as  a deliverable  to  the  MOD  rather 
than  an  aid  to  design 

1 1 . During  testing,  sample  sizes  required  to 
resolve  low  failure  rates  become  impracticably  large  and 
economically  untenable.  To  present  large  numbers  of 
components  for  confidence  testing,  either  for 
qualification  or  monitoring  purposes,  is  unrealistic. 
During  such  testing  and  initial  production,  few  products 
are  available  at  a time  when  manufacturers  wish  to 
maximise  the  number  of  parts  for  delivery  to  the 
customer.  Even  during  full  production,  there  is 
reluctance  to  divert  large  numbers  of  components  for 
testing  and  suffer  the  consequent  financial  loss.  Also, 
with  small  order  quantities,  there  is  ever)7  chance  that 
the  number  of  parts  needed  for  testing  would  exceed  the 
total  number  produced.  Consequently,  the  return  on 
investment  in  conducting  tests  to  provide  evidence  of 
product  reliability  needs  to  be  carefully  evaluated  as 
component  reliability  estimates  increase.  Testing  for 
high  MTBF  potentially  requires  massive  investment  in 
parts  and  test  time  which  manufacturers  are 
understandably  reluctant  to  do.  This  again  leads  to  the 
2 linked  concepts  of  M/F-FOP,  aimed  at  overcoming 
this  dilemma  whilst  also  providing  the  military 
commander  with  greater  operational  availability  and 
mission  reliability.  M/F-FOP  confidence  would  be 
obtained  by  a combination  of  progressive  assurance 
during  development  and  production  supported  by  a 
tailored  in-service  demonstration. 

FAILURE-FREE  OPERATING  PERIOD 

12.  A Failure-Free  Operating  Period  (F-FOP) 
means  that  the  equipment  is  able  to  operate  to  its  full 
mission  requirement  for  the  period  required  or 
specified.  There  may  well  be  faults  which  occur, 
however,  the  required  system  operation  is  unaffected 
and  thereby  no  functional  failure  is  recorded.  Clearer 
comprehension  of  the  mechanics  of  failure  and 
ruggedness  of  components,  together  with  better 
understanding  of  the  operational  environment  can  lead 
to  a probability  of  time  in-service  before  the  occurrence 
of  a failure.  The  ability  to  plan  for  known  periods  of 
high  operational  availability  remains  a key  feature  in  the 
effective  use  of  expensive  assets.  To  achieve  this, 
specifying  reliability  in  terms  of  a F-FOP  is  a realistic 
option.  Tire  reliability  requirements  of  some  minor  RAF 
equipment  have  already  been  specified  in  terms  of  a F- 
FOP.  This  does  not  mean  that  faults  cannot  occur,  but 
rather  that  any  faults  which  do  arise  are  absorbed  by  the 
inherent  fault  tolerant  architecture  of  the  system.  The 
application  of  a F-FOP  maintains  system  functional 
capability  whilst  not  necessarily  restricting  maintenance 
activity  to  certain  periods,  and  as  such  is  more 
applicable  to  CE  systemsOne  example  of  the  application 
of  a F-FOP  is  a ground-based  radar  installation,  where 
the  maintenance  timing  is  not  necessarily  constrained. 
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MAINTENANCE-FREE  OPERATING  PERIOD 

13.  A Maintenance-Free  Operating  Period  (M- 
FOP)  for  a weapon  system  is  a period  of  operation 
during  which  a number  of  assigned  back-to-back 
missions  would  be  carried  out,  without  any  mission 
losses  due  to  system  faults  and  with  no  unscheduled 
maintenance  activity.  As  with  the  F-FOP,  this  does  not 
necessarily  mean  that  the  system  must  be  fault  free, 
rather  that  any  fault  which  does  occur  must  be  absorbed 
by  the  system  and  not  lead  to  system,  and  potentially 
mission,  failure.  Even  if  a fault  occurs  on  the  first 
sortie,  the  system  must  be  able  to  continue  to  the  end  of 
the  M-FOP  with  that  fault  still  present.  The  only 
maintenance  envisaged  during  the  M-FOP  would,  for  a 
military  aircraft,  be  that  typically  carried  out  during 
flight  servicings.  This  would  include  re-arming, 
refuelling  and  routine  inspections.  The  M-FOP  concept 
is  currently  being  addressed  within  ST(A)425  Future 
Offensive  Air  System  (FOAS)  feasibility  studies  to 
demonstrate  that  in  theory  M-FOP  is  technically 
achievable  and  to  reduce  project  risk  from  poor 
reliability. 

MAINTENANCE  RECOVERY  PERIOD 

14.  When  the  equipment  requires  maintenance 
this  would  be  carried  out  during  a Maintenance 
Recovery  Period  (MRP).  After  each  designated  M-FOP 
there  would  be  a MRP  which  would  include  all 
maintenance  actions  necessary  to  recover  the  weapon 
system  to  a state  whereby  it  can  complete  the  next  M- 
FOP.  The  length  and  content  of  the  MRP  would  be 
directly  related  to  the  length  of  the  previous  M-FOP  and 
the  required  length  of  the  subsequent  M-FOP. 

1 5 . Within  the  MRP  there  would  be  different 
maintenance  policies  for  different  systems  and 
equipment,  but  at  this  stage  there  should  not  be  any  pre- 
conceived solutions,  This  responsibility  would  fall  to 
the  Design  Authority,  who  may  need  to  make  trade-off 
decisions  about  improving  the  reliability  of  one  part  of 
the  design  to  achieve  a more  practical  system  or  overall 
M-FOP.  Generally,  the  aim  would  be  for  all 
maintenance  to  occur  on  a planned  basis  which  would 
mean  that  the  designer  would  have  a much  greater 
appreciation  of  how'  and  when  items  fail. 

ENABLING  TECHNOLOGY 

ACHIEVING  A MAINTENANCE-FREE  OR  FAILURE- 
FREE  OPERATING  PERIOD 

16.  Fundamental  to  the  achievement  of  a M/F- 
FOP  will  be  a bottom-up  approach  to  reliability  with  a 
clear  understanding  of  why  items  fail  and  an  ability  to 
predict  accurately  when  they  will  fail  in  use.  Gathering 
relevant  environmental  data  such  as  aircraft  localised 
vibration,  temperature  and  humidity,  as  well  as 
indicative  failure  characteristics  at  the  earliest  stage  in 
the  development  programme,  will  offer  designers  much 
better  opportunities  to  design  for  durability  and 
reliability.  An  early  indication  of  design  weaknesses 
will  also  allow'  precious  resources  to  be  focused  in  the 


appropriate  development  areas  to  maximise  return  on 
investment.  Specifying  reliability  in  terms  of  M/F- 
FOPs  would  motivate  the  designer  to  devise  a fault 
tolerant  architecture.  Naturally,  the  reversionary 
configurations  w'ould  need  to  meet  relevant 
airworthiness  requirements.  An  essential  factor  in  such 
fault  tolerance  is  detection  using  BIT  and  HUMS, 
together  with  an  ability  to  override  item  failure.  The 
following  techniques  and  methods  are  relevant: 

a.  Condition  Monitoring. 

Measurement  and  interpretation  of  data, 
condition  indication,  determination  of 
maintenance  requirement. 

b.  Redundancy.  To  achieve  fault 
tolerance,  using  either  hardware,  software  or 
data  duplication  in  various  forms.  Can 
achieve  significant  reliability  gains  but  at  cost 
of  potential  increased  complexity,  weight, 
volume  and  power  consumption. 

c.  Re-configuration.  Recovery', 
automatic  or  otherwise,  of  a system  after  a 
failure  without  the  need  for  the  system  to  go 
off-line. 

d.  Advanced  Diagnostics.  To  enable 
timely,  accurate  failure  diagnostics  to  support 
minimum  repair  times  during  the  MRP. 

e.  Prognostics.  The  capability  to  detect 
early  warning  of  impending  failure,  enabling 
pre-emptive  maintenance  action  to  be  carried 
out  or  to  trigger  re- configuration  or 
redundancy  processes. 

f.  Reversionary  Modes.  Allowing  the 
software  to  back-up  when  a failure  occurs  and 
take  a different  path,  thus  bypassing  failure 
causes. 

g.  N-version  Programming.  A software 
form  of  redundancy,  involving  voting  between 
differently,  often  independently,  developed 
software  units. 

h.  Recovery  Blocks  and  Self  Healing. 
Backwards  error  recover)'  carried  out  by 
periodically  saving  the  system  state  and 
reverting  to  it  when  necessary'. 

j.  Exception  Handling.  Giving  the 

software  the  ability  to  deal  actively  with 
failures,  so  avoiding  system  crashes  or 
erroneous  results. 

CHANGING  DURATION  OF  A MAINTENANCE- 
FREE  OR  FAILURE-FREE  OPERATING  PERIOD 

17.  Statistical  analysis  should  substantiate  the 
reliability  of  the  proposed  architecture  and  identify 
faults  likely  to  occur  during  the  operating  period.  Once 
equipment  has  reached  a mature  in-service  phase,  the 
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periods  of  maintenance-free  operation  may  be  amended 
in  the  light  of  further  analysis  of  user  experience. 
However,  these  changes  would  not  be  appropriate  for 
immature  equipment  without  the  requisite  field 
experience  and  supporting  data. 

CURRENT  RESEARCH 

1 8.  Under  the  auspices  of  The  Committee  for 
Defence  Equipment  Reliability  and  Maintainability 
(CODERM),  some  practical  aspects  of  specifying 
reliability  using  the  M/F-FOP  approach  have  been 
examined.  Whilst  much  work  remains  to  be  conducted, 
desk  level  agreement  has  been  reached  that  M/F-FOP  is 
an  acceptable  alternative  for  the  specification  of 
reliability,  provided  that  evolving  results  from  continued 
conceptual  development  substantiate  its  future  effective 
use.  In  addition,  under  the  Society  of  British  Aerospace 
Companies  (SB AC)  Foresight  Action  initiative,  which 
aims  to  provide  a national  programme  for  aerospace 
growth  through  capability  demonstration,  the  Ultra 
Reliable  Aircraft  programme  is  developing  the 
application  of  M/F-FOP  through  modelling  activities  in 
particular.  The  current  Future  Offensive  Air  System 
(FOAS)  feasibility  study  phase  requires  the  contractor  to 
examine  M/F-FOPs  with  respect  to  FOAS.  This  is 
creating  additional  research  in  itself.  Work  in  the 
United  States,  partly  MOD  funded  and  with  active 
MOD  participation,  is  investigating  physics  of  failure 
mechanisms,  the  results  of  which  will  benefit  designers 
working  to  M/F-FOP  criteria.  Through  the  presentation 
of  papers  and  formal  and  informal  contacts  with  defence 
industry  representatives,  the  concept  of  M/F-FOP  is 
becoming  better  understood  and  acknowledged  as  a 
potential  significant  contributor  to  enhanced  weapon 
system  reliability. 

CONSEQUENCES 

IMPACT  OF  A MAINTENANCE-FREE  OR  FAILURE- 
FREE  OPERATING  PERIOD 

1 9.  M/F-FOP  approaches  reliability  from  a 
different  standpoint,  focusing  on  determining  and 
understanding  causes  of  unreliability  or  failure  and 
eliminating  or  controlling  them.  Not  only  does  this 
allow  potentially  a new  way  of  ensuring  product 
reliability,  but  it  also  provides  a methodology  for 
improving  it. 

20.  M/F-FOP  involves  a continuing  search  for, 
and  implementation  of,  reliability-driven  designs. 
Characteristics  of  such  designs  mean  that  a product 
should  be  more  resistant  to  failure  mechanisms,  defects, 
and  the  degradation  of  materials  and  components.  This 
obviously  requires  effective,  informed  communication 
between  all  disciplines  involved  in  the  design, 
development,  manufacture  and  use  of  the  system. 
Assuring  and  improving  reliability  requires  an 
integrated  effort  between  suppliers  and  customers,  a 
responsibility  which  implies  the  removal  of  some 
organisational  walls.  In  addition,  current  customer 
expectations  of  failure-rate  predictions  based  on  test 
data  wall  have  to  be  re-directed  to  be  consistent  with  an 


emerging  M/F-FOP  methodology.  To  modify  such 
expectations  and  promote  the  role  of  the  customer  in  the 
M/F-FOP  process,  the  degree  of  trust  and 
communication  between  customers  and  suppliers  must 
be  increased  substantially  from  current  levels.  1 his  is 
precisely  the  message  emanating  from  both  MOD  and 
the  Defence  Industry  in  the  wake  of  SDR  and  Smart 
Procurement : there  must  be  greater  openness  and  trust 
to  underpin  mutually  beneficial  partnering 
arrangements. 

BENEFITS 

21 .  The  fact  that  a weapon  system  will  only  need 
particular  levels  of  maintenance  at  pre-determined 
intervals  would  greatly  enhance  the  mission  operational 
effectiveness.  Systems  would  be  available  when  needed 
and  mission  failures  would  be  significantly  reduced. 
Maintenance  downtime  would  be  programmed  around 
operational  commitments,  with  concomitant  simplified 
supply  chain  management.  Being  able  to  make  dramatic 
reductions  in  unscheduled  maintenance  arising  rates 
would  be  a major  advance.  It  would  minimise  logistics 
support  and  the  costs  to  repair.  To  realise  this  objective 
will,  however,  require  a significant  culture  change 
amongst  many  key  defence  contractors.  Other  potential 
benefits  include: 

a.  M/F-FOP  is  simpler  than  MTBF.  It 
therefore  offers  an  improved  basis  upon  which 
to  contract  for  reliability. 

b.  Familiar  and  comfortable  design 
practices  would  be  abandoned  and  contractors 
would  gain  a deeper  insight  into  their  product. 
There  would  be  greater  research  effort  into 
failure  mechanisms  and  development  of  the 
necessary'  design  tools. 

c.  Reduced  random  component  failures. 

d.  A physics  of  failure  approach  would 
be  more  likely  to  identify  the  true  causes  of 
failure  than  a statistical  analysis  involving 
MTBF. 

e.  The  assumption  of  a constant  failure 
rate  would  be  challenged  because  system 
predictions  would  be  built-up  from  the  sum  of 
the  individual  component  failure  distributions, 
rather  than  as  a population,  giving  a more 
realistic  bottom -up  rather  than  top-down 
approach. 

f.  Using  the  principle  of  a failure- free 
period  rather  than  failures  randomly  occurring 
would  alter  the  basis  of  logistics  planning. 
Compared  with  using  reliability  predictions 
based  on  constant  failure  models,  more 
realistic  spares  provisioning  should  be 
possible,  and  expensive,  inconvenient 
unscheduled  maintenance  should  be 
minimised. 
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g.  The  approach  would  deliver  a 

simple  and  more  confident  prediction  of  fleet 
costs  and  lease  pricing  details.  Although 
contracting  mechanisms  for  M/F-FOP  need  to 
be  developed,  they  do  lend  themselves  to 
alternative  methods  of  logistics  support. 

RISKS  AND  COSTS 

22.  There  are  potential  risks  and  costs  in  moving 
from  MTBF  to  a M/F-FOP.  The  new  approach  may 
increase  the  frequency  of  inspection  or  refurbishment 
requirements  for  some  parts.  Other  components  may  be 
scrapped  before  the  end  of  their  previously  used  life. 
Each  component,  LRU  and  system  will  require  design 
analysis  to  establish  its  optimum  M/F-FOP  and 
associated  cost.  Some  items  will  need  little  change, 
however,  others  may  require  design  changes  or  an 
appraisal  of  whether  inspection,  refurbishment  or 
scrapping  would  be  more  cost-effective.  Modelling  this 
scenario  to  determine  potential  manpower  savings  has 
proved  difficult.  In  addition,  there  is  the  possible 
increase  in  acquisition  cost  as  a result  of  the  more 
rigorous  design  process.  It  will  be  essential  that  further 
work  is  undertaken  to  understand  the  trade-off  between 
the  investment  in  design/manufacture  for  M/F-FOP  and 
the  cost/operational  consequences  of  today’s  poor 
equipment  reliability. 

23.  There  is  the  additional  problem  of  aggregation 
of  a large  number  of  individual  LRUs,  sub-systems  and 
system  M/F-FOP  into  an  overall  weapon  system  M/F- 
FOP  which  needs  skilled  techniques  and  analysis  to 
considerable  depth.  A clearer  understanding  of  the 
M/F-FOP  concept  will  require  an  integrated  knowledge 
of  engineering  process  design,  an  appreciation  of 
practical  in-use  problems  and  an  understanding  of 
statistics.  If  the  potential  benefits  are  not  to  be  negated 
at  the  systems  integration  stage,  prime  contractors  will 
need  to  introduce  process  improvements  and  pay  greater 
attention  to  detail  during  this  phase.  Partnership 
between  sub-contractors,  suppliers,  prime  contractors 
and  customers  will  be  essential.  The  greatest  risks  lie 
with  system  integration  and  participant  motivation,  yet 
the  potential  rewards  are  huge,  both  for  producers  and 
customer  alike. 

FUTURE  AREAS  OF  STUDY 

24.  Further  work  is  required  to  establish  the  main 
inter-relationships  with  operational  effectiveness  and 
logistics  support  when  using  M/F-FOP.  This  would 
include:  application  to  different  types  of  projects,  for 
example,  COTS:  statistical  inferences  of  M/F-FOP  and 
associated  confidence  levels;  contracting  issues; 


methods  for  the  assurance  or  demonstration  of  M/F- 
FOP;  and  how  the  use  of  M/F-FOP  would  interact  with 
the  ILS  process.  These  are  significant  pieces  of  work, 
which  have  been  brought  to  the  attention  of  CODERM 
and  which  must  be  taken  forward  in  partnership  with 
industry.  Moreover,  experience  to  date  suggests  that 
reliability  requirements  for  certain  new  projects  should 
be  specified  in  terms  of  a M/F-FOP  whenever 
appropriate.  Understanding,  experience  and  knowledge 
will  thus  be  enhanced.  Furthermore,  discussions  and 
research  through  CODERM  show  the  applicability  of 
M/F-FOP  across  all  defence  environments.  It  is 
therefore  essential  that  the  approach  is  matured  on  a 
pan-PAO  basis. 

CONCLUSIONS 

25.  Current  reliability  specification  methods  do 
not  take  account  of  the  understanding  of  fundamental 
failure  processes.  An  alternative  , M/F-FOP,  embraces 
a logical,  integrated  approach  to  reliability,  targeted  at 
achieving  greater  accuracy  in  weapon  system  reliability 
predictions  and  hence,  increased  operational  availability 
and  reductions  in  life  cycle  costs.  Product  reliability 
assurance  for  items  with  high  predicted  MTBF  and 
hence  low  failure  rates  becomes  a costly,  inaccurate 
process.  Design  to  M/F-FOPs  focuses  on  causes  of 
failure,  and  their  control  or  elimination,  rather  than  on 
measuring  and  responding  to  their  effects.  The  success 
of  M/F-FOPs  lies  in  the  designer’s  clear  understanding 
of  failure  mechanisms  in  the  appropriate  environment,  a 
comprehensive,  integrated  design  approach  and  the 
further  maturity  of  key  enabling  techniques.  Current 
limited  work,  supported  by  CODERM,  is  developing 
M/F-FOPs. 

26.  Progression  of  M/F-FOP  swill  require  specific 
partnering  between  customers  and  suppliers  at  all 
levels.  Additional  potential  benefits  of  such  partnering 
would  include  a stronger  basis  on  which  to  contract  for 
reliability,  greater  insight  into  product  design,  enhanced 
realism  in  spares  predictions  and  reduced  logistics  costs. 
Risks  lie  with  enabling  technologies  not  being 
sufficiently  mature,  particularly  modelling  techniques 
and  the  need  to  demonstrate  clear  cost  reductions  over  a 
product’s  life  cycle.  Factors  such  as  premature  item 
replacement  before  useable  life  is  consumed,  the 
successful  integration  of  a large  number  of  items  with 
different  failure  rate  distributions  and  the  need  for 
additional  up-front  design  will  all  have  an  impact  on 
cost.  It  is,  therefore  essential  that  future  areas  of  study 
are  identified,  prioritised  and  funded  with  MOD. 
through  CODERM  and  in  partnership  with  industry7, 
playing  a leading  role. 
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Maintenance  and  Failure- 
Free  Operating  Periods 

M/F-FOPs 

Sqn  Ldr  P Mitchell  RAF 
LOGS(OR)5d 
01480  52151  ext  6213 
pm@logs4raf.  demon,  co . uk 


WHAT  DOES  THE  FUTURE 
HOLD? 

• Pressure  on  Defence  Budget 

• Smaller  RAF 

• Less  Manpower,  more  efficiency 

• More  deployments,  more  flexibility 

• More  complexity  and  more  expense 

• Global  competition 


THE  KEY  TO  FUTURE  AIR 
POWER 

MISSION  EFFECTIVENESS 

Weapons  that  Work 

Whenever  Required 

^ and  keep  on 

MISSION  RELIABILITY 

j|l  Working 

W w* 

WHAT  THE  CUSTOMER 
ACTUALLY  NEEDS 


m 


Guaranteed  Periods  of  Availability 
I result 

: Mission  Effectiveness 

Planning  Certainty 
Minimum  Logistic  Footprint 


DEFINITIONS 

♦ Reliability  is:  the  ability  of  an  item  to 
perform  a required  function  under  stated 
conditions  for  a specified  period  of  time. 
De  fence  Standard  00-40  Part  1. 

* OR:  the  duration  of  failure  free 
performance  under  stated  conditions. 

US  Mil  Std  785. 
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So  Why  Do  We  Use 

The  allowable  number  of  faults  in  a given 
lime 

eg.  800  faults  per  lOOOfg  hrs 

? 


lijlHllfl 

VENDOR 

Mil-Hdbk  217 

MTBF 

prediction 

observed 

A 

7247 

1160 

B 

5765 

74 

C 

3500 

624 

...E 

2500 

51 

...G 

1600 

3612 

Traditional  R 

MTBFs 

- Failures  are  Inevitable 

- Failures  Occur  Randomly 

- Data  is  Aggregated 

- Top-down  Approach 

- Accounts  for  Reliability 

but 

fails  to  Engineer  a Solution 


Traditional  Approach  to  R 

The  Way  Forward 

RAF  specific  problems  with  MTBFs: 

- RAF  ignores  failure  distribution  and  assumes 

Maintenance-Free  Operating  Periods 

constant  failure  rate. 

(M-FOPs) 

4 Exponential  Dist  over  63%  fail  before  MTBF 

o (=>  a> 

- Need  to  test  all  equipments  to  failure  in  order  to 

substantiate  a MTBF 

- Large  MTBFs  mean  long  test  times. 

Maintenance  Recovery  Periods 

- Small  sample  sizes  mean  tests  are  statistically 
insignificant 
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Twin  Concept 
M/F-FOP 

•Maintenance  & Failure 
•Free 

• Operating 
•Period 


Definition  of  F-FOP 

A period  (measured  in  appropriate 
units)  when  the  system  is  meeting  its 
minimum  required  mission  capability. 


F-FOP  APPLIED 

Definition  of  M-FOP 

• SR(A)1305-UKADGE  Command  & 

A period  of  operation  during  which  the 

Control  System 

system  must  be  able  to  carry  out  all  its 

• SR(A)093 1 - Harrier  GR7  ZEUS  Upgrade 

i 

assigned  missions  without  any 
significant  maintenance  action  and 
without  the  operator  being  restricted  in 
any  way  due  to  system  faults  or 
limitations. 

M-FOP  APPLICATION 

Platform  M-FOP  is 

♦ MER  06/98  Satellite  Communications  System 

• MMER(OE)(A)  ALARP 

the  Challenge 

• FOASST 

• FLA 

• INTERPRET 

. . . .how  do 

• Joint  Strike  Fighter 

• FASM 

W we 

• CV(F) 

J§\  achieve  it? 

F9 


The  M/F-FOP  Options 


The  M/F-FOP  Options 


So  what  is  different  ? 


Failure  Life  Characteristics 


Point  of 
detection 


1 Predicted 
failure  point 


Is  this  enough  warning  ? 


Usage  (planned/actual) 


Current  working  practices 

a 

Item  failure 

1 o\ 

O Item  rectification 

/°A 

<o  oy 

Fix  faults  as  and  when 
they  occur.  Some  deferment 
of  activity. . . . usually 
spares  driven. 

Design  Solutions 

SMART  STRUCTURES 
SELF-DIAGNOSIS  & CONDITION 
MONITORING 

EARLY  INDICATION  OF  IMPENDING 
FAULTS 

FAULT  TOLERANCE 
RE-CONFIGURABILITY 
SYSTEM  REDUNDANCY 
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Design  Solutions  cont. 

• DESIGN  for  LIFE 

• GRACEFUL  DEGRADATION  WITHOUT  MISSION 
LOSS 

• NEW  EMERGING  TECHNOLOGY 

• IMPROVED  PROCESSES  (IMPROVED 
RELIABILITY) 


STRATEGY 

• 1997 

- Main  Focus  on  Problems  of  Current 
Reliability  Approaches. 

• 1998 

- Feasibility  Studies  and  Apply  to  Minor 
Projects  With  Industry's  Support. 

« Post-PPB 

- Benefits  & Cost  Effectiveness  of  M/F-FOP. 


fW'\  4* 

M ® The  Risks 

\ Continued 

• Changing  the  Culture  Throughout 

V 

Industry 

‘ j E * Adapting  and  Developing  New 

- Including  All  Sub-contractors 

Tools 

• Perceived  - or  Real  - Increase  in  Initial 

- Mil-Hdbk  217F 

Costs 

- LCC  Models 

• Making  the  Partnership  Work 
- So  All  Parties  Benefit 

• Contracting 

MOTIVATORS 


ACHIEVE  R,M&T 


MAXIMISE  OPERATIONAL 
EFFECTIVENESS 

MINIMISE  SUPPORT  COSTS 

1 | 

SYSTEMS  AVAILABLE  WHEN  NEEDED 
NO  MISSION  FAILURES 

MN1MISE  COST  to  REPAIR 
MINIMISE  LOGISTIC  SUPPORT 

Reduced  Downtime 
Reduced  Logistic  Footprint 
= M-FOrs 


